Cybersecurity Lead / Information System Security Officer (ISSO)

• Location: Hybrid / Remote with travel to CNIC HQ (Millington, TN) and field installations
• Eligibility: U.S. citizenship; ability to obtain and maintain the appropriate background investigation level
  
• Status: Full-time, contingent on contract award

Position summary

The Cybersecurity Lead / ISSO is the senior security accountable for every change touching CNIC F&FR's connected environment. You will treat each network, application, or configuration change as a potential RMF event, evaluate impact against ATO boundaries before implementation, run the coordinated change package process with pre-approved POA&Ms, and ensure no installation is out of compliance for more than 24 hours. You will participate as a voting member of the weekly Joint Change Advisory Board.

What you will own

• RMF treatment of all changes — impact analysis against ATO boundaries, security control baselines, and continuous monitoring requirements.
• POA&M development, tracking, and closure across distributed installations.
• Coordinated change packages for cross-domain releases (e.g., concurrent ERP patch + POS firmware refresh) with staged rollout against the F&FR maintenance calendar.
• ATO renewal coordination with Authorizing Officials and CNIC cybersecurity stakeholders.
• Security control testing and audit-trail integrity during patch windows.
• Cybersecurity workforce: ISSO support, cybersecurity analysts, compliance specialists.
• Standing voting seat on the Joint Change Advisory Board (JCAB).

Required qualifications

• Active CISSP certification.
• CASP+ or equivalent advanced security certification.
• DoD 8140 / 8570 IAT Level 2 baseline certification (Security+ or equivalent) — required for privileged access per RFP C-12.2.
• 10+ years RMF practitioner experience in DoD environments.
• Direct experience as an ISSO on a system with an active ATO.
• Demonstrated experience evaluating change impact against ATO boundaries on enterprise IT environments.
• Working knowledge of NIST SP 800-53 controls, eMASS, and DoD continuous monitoring requirements.
• U.S. citizenship; ability to obtain and maintain the appropriate background investigation level.

Preferred qualifications

• Active or recent Secret clearance (likely required at the task order level for systems touching DoD-connected networks).
• Prior ISSO experience on a NAF or Navy connected system.
• CISM, CISA, or Security+ instructor-level credentials.
• Experience with cloud security control inheritance (FedRAMP, DISA SRG IL2/IL4).